[Secure-testing-commits] r55549 - data/CVE

Hugo Lefeuvre Thu, 07 Sep 2017 10:00:05 -0700

Author: hle
Date: 2017-09-07 16:59:42 +0000 (Thu, 07 Sep 2017)
New Revision: 55549


Modified:
   data/CVE/list
Log:
Mark CVE-2017-9996 <not-affected> in wheezy & jessie.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-07 16:55:31 UTC (rev 55548)
+++ data/CVE/list       2017-09-07 16:59:42 UTC (rev 55549)
@@ -9886,10 +9886,11 @@
        NOT-FOR-US: ubuntu-image
 CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 
2.8.x ...)
        - ffmpeg 7:3.2.5-1
-       - libav <undetermined>
-       [wheezy] - libav <not-affected> (Vulnerable code not present)
+       - libav <not-affected> (Vulnerable feature not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
+       NOTE: The bug affects FFmpeg's support for CHUNKY cdxl files, a feature 
that is
+       NOTE: not present in Libav. Libav detects CHUNKY files and bails out 
early.
 CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly 
validate ...)
        - ffmpeg <not-affected> (Vulnerable code not present)
        - libav <not-affected> (Vulnerable code not present)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r55549 - data/CVE

Reply via email to